[PATCH v2 08/10] mtd-utils: nandwrite: prevent 32-bit overflow

Brian Norris computersforpeace at gmail.com
Thu Nov 11 01:31:41 EST 2010


For large block- and page-sizes, the multiplication of ebsize_aligned
and pagelen can overflow a 32-bit integer.  This overflow can be
prevented by a simple change in order of operations (i.e., do division
first).

Since ebsize_aligned is always a multiple of mtd.min_io_size, this
produces no change in results.

Signed-off-by: Brian Norris <computersforpeace at gmail.com>
---
 nandwrite.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/nandwrite.c b/nandwrite.c
index 8ec5afe..aea7572 100644
--- a/nandwrite.c
+++ b/nandwrite.c
@@ -440,8 +440,13 @@ int main(int argc, char * const argv[])
 		goto closeall;
 	}
 
-	// Allocate a buffer big enough to contain all the data (OOB included) for one eraseblock
-	filebuf_max = pagelen * ebsize_aligned / mtd.min_io_size;
+	/*
+	 * Allocate a buffer big enough to contain all the data (OOB included)
+	 * for one eraseblock. The order of operations here matters; if ebsize
+	 * and pagelen are large enough, then "ebsize_aligned * pagelen" could
+	 * overflow a 32-bit data type.
+	 */
+	filebuf_max = ebsize_aligned / mtd.min_io_size * pagelen;
 	filebuf = xmalloc(filebuf_max);
 	erase_buffer(filebuf, filebuf_max);
 
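Review bot: The new comment above the filebuf_max assignment explains the overflow but not the invariant that makes dividing first exact: ebsize_aligned has to be a multiple of mtd.min_io_size, otherwise the integer division truncates and the buffer passed to xmalloc() is smaller than one eraseblock of data plus OOB. The commit message states this, but the code does not. Consider adding a sentence to the comment so that a later change to how ebsize_aligned is computed does not silently undersize filebuf. Writing the expression as `(ebsize_aligned / mtd.min_io_size) * pagelen` would also make the intended evaluation order explicit to readers.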
-- 
1.7.0.4





More information about the linux-mtd mailing list